[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248585

 
 

909

 
 

195621

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-0316Date: (C)2009-01-28   (M)2024-02-22


Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-33447
APPLE-SA-2010-03-29-1
MDVSA-2009:047
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937
http://support.apple.com/kb/HT4077
https://bugzilla.redhat.com/show_bug.cgi?id=481565
https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045
vim-pysyssetargv-privilege-escalation(48275)

CPE    4
cpe:/a:vim:vim:6.1
cpe:/a:vim:vim:5.6
cpe:/a:vim:vim:6.3
cpe:/a:vim:vim:7.2
...
OVAL    4
oval:org.secpod.oval:def:300593
oval:org.secpod.oval:def:301236
oval:org.secpod.oval:def:3863
oval:org.secpod.oval:def:89048081
...

© SecPod Technologies